Authentication Analysis Based on Certificate for Proxy Mobile IPv6 Environment
ICCSA '09 Proceedings of the International Conference on Computational Science and Its Applications: Part I
An abstract model of a trusted platform
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
| Hi-index | 0.00 |
BAN Logic is a well-known authentication logic which, despite other more recent logics and formal methods, remains popular with many protocol designers. BAN Logic however does not properly deal with the issues of certificates and the use of Public Key Infrastructure (PKI). This paper proposes an extension to BAN Logic which focuses on certificate processing within the PKI setting. Our extension is along the lines of the work by Gaarder and Snekkenes but better captures current aspects of PKI. In particular, our extension redresses the reasoning on the goodness of private keys, and considers certificate revocation. Common pitfalls in public-key based protocol design are due to insufficient attention placed on the "intended recipient" as well as the "stated sender" of a message. Our extension makes the recipient and sender explicit, which reduces the likelihood of introducing such flaws into the protocol and its subsequent proof using BAN Logic. In summary, our logic is primarily focused on making BAN Logic more concise yet practical to use on PKI-based protocols.